@@ -15,89 +15,17 class ApiTest::HttpBasicLoginTest < ActionController::IntegrationTest | |||
|
15 | 15 | |
|
16 | 16 | # Using the NewsController because it's a simple API. |
|
17 | 17 | context "get /news" do |
|
18 | setup do | |
|
19 | project = Project.find('onlinestore') | |
|
20 | EnabledModule.create(:project => project, :name => 'news') | |
|
21 | end | |
|
18 | 22 | |
|
19 | 23 | context "in :xml format" do |
|
20 | context "with a valid HTTP authentication" do | |
|
21 | setup do | |
|
22 | @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') | |
|
23 | @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') | |
|
24 | get "/news.xml", nil, :authorization => @authorization | |
|
25 | end | |
|
26 | ||
|
27 | should_respond_with :success | |
|
28 | should_respond_with_content_type :xml | |
|
29 | should "login as the user" do | |
|
30 | assert_equal @user, User.current | |
|
31 | end | |
|
32 | end | |
|
33 | ||
|
34 | context "with an invalid HTTP authentication" do | |
|
35 | setup do | |
|
36 | @user = User.generate_with_protected! | |
|
37 | @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password') | |
|
38 | get "/news.xml", nil, :authorization => @authorization | |
|
39 | end | |
|
40 | ||
|
41 | should_respond_with :unauthorized | |
|
42 | should_respond_with_content_type :xml | |
|
43 | should "not login as the user" do | |
|
44 | assert_equal User.anonymous, User.current | |
|
45 | end | |
|
46 | end | |
|
47 | ||
|
48 | context "without credentials" do | |
|
49 | setup do | |
|
50 | get "/projects/onlinestore/news.xml" | |
|
51 | end | |
|
52 | ||
|
53 | should_respond_with :unauthorized | |
|
54 | should_respond_with_content_type :xml | |
|
55 | should "include_www_authenticate_header" do | |
|
56 | assert @controller.response.headers.has_key?('WWW-Authenticate') | |
|
57 | end | |
|
58 | end | |
|
24 | should_allow_http_basic_auth_with_username_and_password(:get, "/projects/onlinestore/news.xml") | |
|
59 | 25 | end |
|
60 | 26 | |
|
61 | 27 | context "in :json format" do |
|
62 | context "with a valid HTTP authentication" do | |
|
63 | setup do | |
|
64 | @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password') | |
|
65 | @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') | |
|
66 | get "/news.json", nil, :authorization => @authorization | |
|
67 | end | |
|
68 | ||
|
69 | should_respond_with :success | |
|
70 | should_respond_with_content_type :json | |
|
71 | should "login as the user" do | |
|
72 | assert_equal @user, User.current | |
|
73 | end | |
|
74 | end | |
|
75 | ||
|
76 | context "with an invalid HTTP authentication" do | |
|
77 | setup do | |
|
78 | @user = User.generate_with_protected! | |
|
79 | @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password') | |
|
80 | get "/news.json", nil, :authorization => @authorization | |
|
81 | end | |
|
82 | ||
|
83 | should_respond_with :unauthorized | |
|
84 | should_respond_with_content_type :json | |
|
85 | should "not login as the user" do | |
|
86 | assert_equal User.anonymous, User.current | |
|
87 | end | |
|
88 | end | |
|
89 | end | |
|
90 | ||
|
91 | context "without credentials" do | |
|
92 | setup do | |
|
93 | get "/projects/onlinestore/news.json" | |
|
94 | end | |
|
95 | ||
|
96 | should_respond_with :unauthorized | |
|
97 | should_respond_with_content_type :json | |
|
98 | should "include_www_authenticate_header" do | |
|
99 | assert @controller.response.headers.has_key?('WWW-Authenticate') | |
|
100 | end | |
|
28 | should_allow_http_basic_auth_with_username_and_password(:get, "/projects/onlinestore/news.json") | |
|
101 | 29 | end |
|
102 | 30 | end |
|
103 | 31 | end |
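Review bot: The valid and invalid credential cases that used the global `/news.xml` and `/news.json` routes are removed here, and the helper is only called for `/projects/onlinestore/news.xml` and `.json`, so the global route appears to lose its HTTP Basic coverage in this file. If that listing is still meant to accept Basic credentials, keep a valid/invalid pair for it; the helper's "without credentials" 401 expectation may not hold there if the listing is readable anonymously, so it may not be reusable as-is. In the new setup, `EnabledModule.create` does not raise if the record fails to save, so `EnabledModule.create!(:project => project, :name => 'news')` would make a broken fixture fail in setup rather than in a later status assertion.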
@@ -186,12 +186,62 class ActiveSupport::TestCase | |||
|
186 | 186 | end |
|
187 | 187 | end |
|
188 | 188 | |
|
189 | # Test that a request allows the username and password for HTTP BASIC | |
|
190 | # | |
|
191 | # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) | |
|
192 | # @param [String] url the request url | |
|
193 | # @param [optional, Hash] parameters additional request parameters | |
|
194 | def self.should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters={}) | |
|
195 | context "should allow http basic auth using a username and password for #{http_method} #{url}" do | |
|
196 | context "with a valid HTTP authentication" do | |
|
197 | setup do | |
|
198 | @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password', :admin => true) # Admin so they can access the project | |
|
199 | @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password') | |
|
200 | send(http_method, url, parameters, {:authorization => @authorization}) | |
|
201 | end | |
|
202 | ||
|
203 | should_respond_with :success | |
|
204 | should_respond_with_content_type_based_on_url(url) | |
|
205 | should "login as the user" do | |
|
206 | assert_equal @user, User.current | |
|
207 | end | |
|
208 | end | |
|
209 | ||
|
210 | context "with an invalid HTTP authentication" do | |
|
211 | setup do | |
|
212 | @user = User.generate_with_protected! | |
|
213 | @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password') | |
|
214 | send(http_method, url, parameters, {:authorization => @authorization}) | |
|
215 | end | |
|
216 | ||
|
217 | should_respond_with :unauthorized | |
|
218 | should_respond_with_content_type_based_on_url(url) | |
|
219 | should "not login as the user" do | |
|
220 | assert_equal User.anonymous, User.current | |
|
221 | end | |
|
222 | end | |
|
223 | ||
|
224 | context "without credentials" do | |
|
225 | setup do | |
|
226 | send(http_method, url, parameters, {:authorization => ''}) | |
|
227 | end | |
|
228 | ||
|
229 | should_respond_with :unauthorized | |
|
230 | should_respond_with_content_type_based_on_url(url) | |
|
231 | should "include_www_authenticate_header" do | |
|
232 | assert @controller.response.headers.has_key?('WWW-Authenticate') | |
|
233 | end | |
|
234 | end | |
|
235 | end | |
|
236 | ||
|
237 | end | |
|
238 | ||
|
189 | 239 | # Test that a request allows full key authentication |
|
190 | 240 | # |
|
191 | 241 | # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete) |
|
192 | 242 | # @param [String] url the request url, without the key=ZXY parameter |
|
193 | 243 | def self.should_allow_key_based_auth(http_method, url) |
|
194 | context "should allow key based auth using key=X for #{url}" do | |
|
244 | context "should allow key based auth using key=X for #{http_method} #{url}" do | |
|
195 | 245 | context "with a valid api token" do |
|
196 | 246 | setup do |
|
197 | 247 | @user = User.generate_with_protected! |
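Review bot: The "without credentials" context in the new helper sends `{:authorization => ''}`, so it tests an empty Authorization header rather than a request with no header at all, which is what the inline tests it replaces did with a bare `get`. The two cases can take different branches in the authentication code, so I would keep the empty-header context and add a sibling that calls `send(http_method, url, parameters)` with the same 401 and `WWW-Authenticate` assertions. Separately, the valid-credentials user is created with `:admin => true` but the wrong-password user is not; creating both with `:admin => true` makes the password the only variable, so the 401 cannot be attributed to missing project access. The doc comment could also state that `url` must be a route an admin can reach, since the success case depends on it.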